Submission Details
Impact:
Likelihood:
Loops in `constructor` serve possibility for Unbounded Gas Consumption
Chore: Gas optimization on on every loop iteration
Description
-
weathers.lengthis called on every loop iteration. In EVM, this costs gas because the length is read from storage or memory repeatedly -
High likelihood for deployment running out of gas esp when
weathersis a large array
// constructor
constructor(
Weather[] memory weathers,
string[] memory weatherURIs,
address functionsRouter,
FunctionsConfig memory _config,
uint256 _currentMintPrice,
uint256 _stepIncreasePerMint,
address _link,
address _keeperRegistry,
address _keeperRegistrar,
uint32 _upkeepGaslimit
)
ERC721("Weather NFT", "W-NFT")
FunctionsClient(functionsRouter)
ConfirmedOwner(msg.sender)
{
require(
weathers.length == weatherURIs.length,
WeatherNft__IncorrectLength()
);
@> for (uint256 i; i < weathers.length; ++i) {
s_weatherToTokenURI[weathers[i]] = weatherURIs[i];
}
s_functionsConfig = _config;
s_currentMintPrice = _currentMintPrice;
s_stepIncreasePerMint = _stepIncreasePerMint;
s_link = _link;
s_keeperRegistry = _keeperRegistry;
s_keeperRegistrar = _keeperRegistrar;
s_upkeepGaslimit = _upkeepGaslimit;
s_tokenCounter = 1;
}
Risk
Likelihood:
On every (constructor) loop iteration
Impact:
Possible DoS on deployment, or gas consumption
Proof of Concept
for (uint256 i; i < weathers.length; ++i) {
// Unbounded gas consumption in above conditional - for each iteration
s_weatherToTokenURI[weathers[i]] = weatherURIs[i];
}
Recommended Mitigation
- for (uint256 i; i < weathers.length; ++i) {
+ // cache the length in a local variable `len`
+ uint256 len = weathers.length;
+ for (uint256 i; i < len; ++i) {
Rewards breakdown
nSLOC
236This contest has a flat reward structure with the following payouts:
100 EXP
20 EXP
2 EXP
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.